Security is now a central concern for technical people and I would argue for most consumers. It is now typical for criminals to target banks, hospitals, and other critical institutions. Privacy is also an issue that is central to a free and progressive society. One solution that gets thrown out is SSL encryption for websites and how we all now need to secure our sites with an SSL certificate. Due to the market though, SSL certificates are one of those things that companies have a hard time making money off of. Most people do not buy SSL certificates, so you wind up with a market that sells bare bones SSL certificates that range around $25 and extended validation certificates for large ecommerce websites that cost thousands of dollars. This is where Let’s Encrypt changes things. Their certificates are free and are recognized by the web browser as a valid secure certificate. This makes SSL encryption a zero cost option for millions of individual webmasters who run websites like WebKeyDesign. There is one other difference with Let’s Encrypt certificates: they are limited to 3 month intervals instead of yearly intervals. However what makes Let’s Encrypt more appealing to webmasters is that the software makes renewals automatic and there is now software integration with cPanel and Virtualmin control panels.
My personal project is a virtual machine that I keep for journal purposes. It allows me the ability to write some thoughts and archive information for later viewing. The virtual machine runs CentOS 7 Linux and can be controlled using Virtualmin. The SSL certificate that was originally setup was self-signed and so I would have to manually add the certificate to iOS, MacOS, and make exceptions in browsers in order to use the website.
I followed TechJourney’s excellent guide: How to Use Let’s Encrypt SSL Certificate Automatically in Virtualmin & Webmin. There were a couple of issues I found out along the way.
The tutorial did not specify the path to the client command. For CentOS, I found this to be:
Let’s Encrypt SSL for Webmin Login
A secondary problem that I ran into had to do with the separate subdomains. The Apache webserver will respond on your typical www.mydomain.net and mydomain.net, however the Webmin control panel is accessible by another prefix to mydomain.net. Under Virtualmin – Server Configuration – Manage SSL Certificate, the default will be Domains associated with this server. This setting will only pull in the domains that Apache is setup for. If you want to use the Let’s Encrypt SSL Certificate for other subdomains, you have to select Domain names listed here and manually type all your subdomains. You can then under the Current Certificate tab use the Copy to options and use the same certificate for Webmin, Usermin, etc.
If you went ahead and hit the Request Certificate button and then try to add domains, the process will error out. There is no way to reset the certificates from the Virtualmin interface. To resolve the problem, use secure shell and remove the letsencryt directory.
rm -rf /etc/letsencrypt
This allowed me to use the Request Certificate option again and have all my subdomains added to the certificate.
Over the last few weeks I’ve had to work on a Wiki. Overall the experience has been quite challenging, and I have had to adjust somewhat to the limitations of the Wiki script. While I do like the benefit of being able to quickly edit a page or section, I also find myself editing more and more, because I either hate the way my information is presented, or can’t decide on how to organize it. In other words, I find myself being more of an editor than actually authoring content, which over time frustrates me, because the whole reason I am using a wiki in the first place is to create content. The more I use wiki, the more I am beginning to think that I really don’t like wiki as a creative tool. Perhaps it is because I am now too comfortable with regular HTML, or because I use WordPress so much, or maybe because in the end, wiki tools are boring.
I have started to insert more HTML and CSS within the wiki entries to make them look nicer and I am somewhat satisfied with the results now. However I still can’t escape the notion that wiki is as limiting as using Microsoft PowerPoint, which I consider to be one of the worst pieces of software to ever be invented. I hate when people reduce complicated ideas into bullet points. Real life can’t be reduced to just an unordered list of points, it has to have meaning and sadly I think the wiki tool is just one step better than PowerPoint, which is to say it is mediocre. Not bad, but not great.
If you are thinking of starting up an eCommerce site or simply want to secure part of your website, then you probably are shopping around for an affordable SSL certificate. A few years ago there was no such thing as an affordable SSL cert. Every certificate would cost hundreds of dollars and the ones that did not were not officially recognized by the major browsers. Today, you have better options unless your eCommerce business is significant, in that case, you are still better off using a more expensive certificate. For the rest of us who can’t afford a 100% recognized certificate, there are options. The following sites all offer certs at reasonable prices. Our site, WebKeyDesign uses a RapidSSL certificate.
- EV1Servers offers affordable RapidSSL certs and higher end QuickSSL certificates. EV1Servers is a major reseller of certificates, so that is why their prices are lower than other resellers and the certificate authority.
- GoDaddy.com sell their own branded Turbo SSL and High Assurance certs. These certificates offer 256-bit encryption which is twice the encryption of most SSL certs.
- Registerfly.com is another SSL reseller. They include custom Registerfly SSL logos with their certs.
You should be able to purchase an affordable SSL cert for around $20 from any of these sites. Although most older browsers will not officially recognize this type of certificate.
Before purchasing the certificate, you should decide before hand what url the certificate should be installed to. Most webmasters select a subdomain, like http://secure.yoursite.com, but you can use your regular site url (http://www.yoursite.com). For Windows servers, double-check before hand that the certificate you are purchasing works on Windows and your particular webserver software. Most of these certs should work on your standard cPanel based server (Apache + UNIX based OS like Linux).